NAI Comments on CCPA Updates, Cyber, Risk, ADMT, and Insurance Regulations

On February 19, the NAI submitted comments to the California Privacy Protection Agency (CPPA) in response to proposed regulations regarding CCPA Updates, Insurance, Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking Technology under the California Consumer Privacy Act. We offer the following recommendations which we are hopeful will assist the Agency in meeting its objectives for the rulemaking while preserving an open, global, and secure internet for all California consumers:

• Remove Cross-Context Behavioral Advertising (“CCBA”) from the definition of “Behavioral
  Advertising” to avoid presenting consumers with duplicative and potentially confusing choices.

• Consolidate the additional disclosures proposed for the ADMT Pre-Use Notice with the existing Notice at Collection requirements.

• Remove the proposed “remains deleted” language in section 7022 of the CCPA regulations to avoid inconsistencies with existing requirements to permanently and completely erase data.

• Clarify that, when conducting risk assessments, businesses must ensure that their use of ADMT does not unlawfully discriminate based upon protected classes.

• Clarify that the proposed right to access ADMT does not require a business to reveal any trade secrets when responding to a verifiable consumer access request.

• Harmonize the attestation requirements for ADMT risk assessments with the grace period that relieves businesses from immediately conducting risk assessments of ADMT processing initiated prior to the effective date of the Proposed Regulations.

Read the full comments here: